Hi Antonio, You should use algorithm 7, RSASHA1-NSEC3-SHA1. It's SHA1 for NSEC3.
Best regards, Matthijs On 10/31/2012 11:16 AM, Antonio Marcos López Alonso wrote:
Hi all, I'm setting up a testing DNSSEC server using BIND 9.7.3 and OpenDNSSEC. I have succesfully signed a zone using ods and RSASHA1 (algorithm 5) for NSEC3, but BIND complains refusing to load the zone: warning: zone myzone.mydomain.org/IN: unsupported nsec3 hash algorithm: 5 error: zone myzone.mydomain.org/IN: no supported nsec3 hash algorithm error: zone myzone.mydomain.org/IN: not loaded due to errors. Someone told me BIND 9.7.3 supports RSASHA1 for NSEC3, as he succesfully signed and loaded the zone after using the dnstools, so I would like someone to confirm this and to cast some light on why this error is being issued. Thanks in advance, Antonio _______________________________________________ Opendnssec-user mailing list [email protected] https://lists.opendnssec.org/mailman/listinfo/opendnssec-user
_______________________________________________ Opendnssec-user mailing list [email protected] https://lists.opendnssec.org/mailman/listinfo/opendnssec-user
